Details
Bug
Resolution: Done
Major
12.1.10.Final
None
Description
When configuring SSL for hotrod and rest, the server starts with no errors or warnings even if the 'alias' does not exist in the jks keystore.
Log contents:
2022-05-17 11:29:10,465 INFO (main) [org.wildfly.openssl.SSL] WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.1k FIPS 25 Mar 2021
2022-05-17 11:29:10,479 INFO (main) [org.infinispan.SECURITY] ISPN000946: Using OpenSSL Provider
[...]
2022-05-17 11:29:16,583 INFO (ForkJoinPool.commonPool-worker-3) [org.infinispan.SERVER] ISPN080018: Started connector HotRod (internal)
2022-05-17 11:29:16,787 INFO (main) [org.infinispan.SERVER] ISPN080018: Started connector REST (internal)
2022-05-17 11:29:17,100 INFO (main) [org.infinispan.SERVER] ISPN080004: Connector SINGLE_PORT (default) listening on 0.0.0.0:11222
2022-05-17 11:29:17,100 INFO (main) [org.infinispan.SERVER] ISPN080034: Server 'site1-datagrid1(site-id=site1, machine-id=site1-datagrid1)' listening on https://0.0.0.0:11222
But the SSL port is not operational:
# curl -v -v https://localhost:11222/rest/v2/cache-managers/default/health/status
* Trying 127.0.0.1:11222...
* Connected to localhost (127.0.0.1) port 11222 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:11222
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:11222
# openssl s_client -connect localhost:11222
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 235 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
It should instead WARN or ERROR about the problem.
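A readiness probe for the state shown in this report, where the connector is logged as started and the TCP port is open but the TLS handshake is never answered. This is an added example, not part of the original report and not Infinispan code; the function names, the result strings and the local stand-in listener are assumptions constructed for illustration.

```python
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0, verify=True):
    """Return 'tcp_down', 'tcp_up_tls_broken', 'tls_untrusted_cert' or 'tls_ok'."""
    ctx = ssl.create_default_context()
    if not verify:  # e.g. lab endpoints with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_down"  # nothing is listening at all
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls_ok"  # handshake completed and certificate accepted
        except ssl.SSLCertVerificationError:
            return "tls_untrusted_cert"  # server did present a certificate
        except (ssl.SSLError, OSError):
            # Port accepted the connection but the handshake was dropped or
            # timed out: the symptom curl and s_client show in the report.
            return "tcp_up_tls_broken"


def start_silent_listener():
    """Constructed stand-in: accepts TCP, reads the ClientHello, hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_silent_listener()))
```

Run after startup, a result of `tcp_up_tls_broken` flags the misconfiguration even though the server log reports the endpoint as listening.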